Search Results (4683 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-50922 1 Litexmedia 1 Audio Conversion Wizard 2026-04-15 9.8 Critical
Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory with a specially crafted registration code. Attackers can generate a payload that overwrites the application's memory stack, potentially enabling remote code execution through a carefully constructed input buffer.
CVE-2024-4511 2026-04-15 6.3 Medium
A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263115. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-6199 2026-04-15 N/A
An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable.
CVE-2024-41660 1 Openbmc-project 1 Slpd-lite 2026-04-15 9.8 Critical
slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon on the BMC. Patches will be available in the latest openbmc/slpd-lite repository.
CVE-2025-10948 1 Mikrotik 1 Routeros 2026-04-15 8.8 High
A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.20.1 and 7.21beta2 mitigates this issue. You should upgrade the affected component. The vendor replied: "Our bug tracker reports that your issue has been fixed. This means that we plan to release a RouterOS update with this fix. Make sure to upgrade to the next release when it comes out."
CVE-2025-9558 1 Zephyrproject-rtos 1 Zephyr 2026-04-15 7.6 High
There is a potential OOB Write vulnerability in the gen_prov_start function in pb_adv.c. The full length of the received data is copied into the link.rx.buf receiver buffer without any validation on the data size.
CVE-2025-9557 1 Zephyrproject-rtos 1 Zephyr 2026-04-15 7.6 High
‭An out-of-bound write can lead to an arbitrary code execution. Even on devices with some form of memory protection, this can still lead to‬ ‭a crash and a resultant denial of service.‬
CVE-2020-37187 1 Nsasoft 1 Nsauditor Spotdialup 2026-04-15 7.5 High
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
CVE-2024-0099 2026-04-15 7.8 High
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.
CVE-2026-4687 1 Mozilla 2 Firefox, Firefox Esr 2026-04-14 9.6 Critical
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4689 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2026-04-14 10 Critical
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4690 1 Mozilla 2 Firefox, Firefox Esr 2026-04-14 9.6 Critical
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4720 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2026-04-14 9.8 Critical
Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4729 1 Mozilla 2 Firefox, Thunderbird 2026-04-14 9.8 Critical
Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4721 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2026-04-14 9.8 Critical
Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2025-52909 1 Samsung 21 Exynos, Exynos 1280, Exynos 1280 Firmware and 18 more 2026-04-14 9.8 Critical
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 2 of 2.
CVE-2026-5734 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2026-04-14 8.1 High
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.
CVE-2025-45059 1 Dlink 2 Di-8300, Di-8300 Firmware 2026-04-14 7.5 High
D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-52221 1 Tenda 2 Ac6, Ac6 Firmware 2026-04-14 7.5 High
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters.
CVE-2025-50673 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-14 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the http_lanport parameter in the /webgl.asp endpoint.